Add SNMP checks to MAXfocus automatically

MAXfocus includes more than 300 predefined SNMP checks you can use with your clients. But knowing which checks are valid in any particular case can be difficult. You also have to add each individual check one by one, something that can be a chore if you have many agents to configure. To help with our own monitoring of server hardware agents in particular I have made a powershell script that automates this task as much as possible.

Updated!

I have added 4 more parameters (-Name, -Debug, -Verbose and -logfile). I also had to add a whole host of debugging features to figure out why the script sometimes failed completely do to anything at all when launched as an Automated Task. It turns out that Powershell parameter validation should not be used with MAXfocus, as a script that fails parameter validation will never output anything to the dashboard.

SNMP Checks in MAXfocus DashboardSNMP Checks in MAXfocus Dashboard

The idea behind the script is to loop through all the predefined checks that LogicNow provides with a MAXfocus agent, test it against a target and keep any check that seem to provide a valid value. To be honest I am bit surprised at how well this works. To keep things as simple as possible I made the script scan localhost using public as community string by default. If a server has its hardware agent installed and enabled you will get a nice list of all available SNMP checks on the device where the script was run. You may instruct the script to add any checks found automatically.

If a host does not respond to SNMP or none of the predefined checks returns a valid reading the script does nothing. So there should be no harm in running the script on a host that does not have any SNMP agent installed.

The Challenge

Powershell has no built in support for SNMP so the primary challenge is to make a script able to make a SNMP query. I used this blog post by Simon Strutt to enable Invoke-SNMPget in my script. I have uploaded the necessary .dll to GitHub and download it directly from there. Please note that the script has to download and save this .dll on the device where the script runs to be able to perform any SNMP tests. This means that the script needs access to Internet and you must be comfortable with letting scripts download and access code downloaded from the Internet.

As I cannot make any guarantee as to the authenticity of this .dll I suggest that you download it, run it through VirusTotal.com or some similar services and then host your own version on a server you trust.

Parameters

The script accepts 9 parameters: -Target, -Name, -Community, -UDPport, -Apply, -ReportMode, -Verbose, -Debug and -logfile:

-Target

You can use a hostname, an ip address, a list of names or ip addresses. You may also try to scan an entire network:

  • -Target servername.domain.local

  • -Target server1, server2, server3

  • -Target 192.168.1.0/24

If you only wish to scan the host the script is running on you do not need to use -Target at all.

-Name

A friendly name to use in the check description in the MAXfocus dashboard. Must be a single string. Parameters containing whitespace cannot be passed to a script by MAXfocus.

  • -Name Main_Switch

  • -Name BackupStorageNAS

-Community <community name>[string] (default: “public”)

This is the SNMP community name or password that the script will use to use. Any SNMP capable device has a community name configured, most often it is public by default for read only access. If your devices use public you do not need this option at all.

  • -CommunityOurLittleSecret

  • -CommunityACompletelyRandomString

-UDPport <portnumber>[int] (default: 161)

SNMP uses UDP port 161 by default. In most cases you will not need this option.

  • -UDPport 1610

-Apply

By default the script will return any available checks to the dashboard, but it will not make any changes to the agent configuration files. If you wish you may use -Apply with the script to make it write any valid checks to 247_Config.xml and restart the Advanced Monitoring Agent. The script tries to make sure any OID are only added once pr device scanned.

  • -Apply

-ReportMode <On|Off>[string] (default: “On”)

Use this option if you want the script to add a status of Failed to the dashboard if it finds a missing SNMP check. The script will report status as failed if it finds at least one predefined SNMP check missing on any of the hosts supplied by -Target. If you use -Apply any missing checks will still be added.

  • -ReportMode On

  • -ReportMode Off

-Verbose

This switch turns on verbose output from the script for debugging purposes.

  • -Verbose

-Debug

This switch makes use of the log file MAXfocus provides a script for logging. Detailed information is written to this file. You must access the server locally to look at the log file.

  • -Debug

-logfile (DO NOT USE!)

Any script launched by MAXfocus will be passed a name of a log file a script is allowed to use. This parameter must NOT be used by a user, as that would cause the parameter to be used twice. The launching of a script would then fail. The parameter is included here because you will find it in the code.

  • This parameter is for system use only

MAXfocus_SNMP_Checks.ps1

I have posted this script on GitHub. You can download a copy there.